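<?php
# Admin endpoint: sets the status of one purchase row and redirects the admin
# back to the page they came from.
#
# Inputs:
#   cookie admin_password - must equal BSDDS_ADMIN_PASSWORD_HASHED
#   GET    status         - new status value for the row
#   GET    id             - transactionID of the row to update
#
# NOTE(review): the cookie carries the stored hash itself, so anyone who learns
# that hash can authenticate without knowing the password. A server-side
# session issued after a real password check would remove that equivalence.
# NOTE(review): this is a state-changing GET authenticated only by a cookie and
# has no anti-CSRF token. Moving it to POST with a per-session token is the
# durable fix; it needs changes outside this file.

require_once(dirname(__FILE__) . '/../config.php');

# Read the cookie raw: it is only ever compared, never echoed or stored.
$admin_password = filter_input(INPUT_COOKIE, 'admin_password', FILTER_UNSAFE_RAW);

# hash_equals() (PHP 5.6+) is a strict, constant-time comparison. The loose
# `!=` it replaces applies numeric type juggling, so two different strings that
# both look like numbers (for example "0e..." values) could compare as equal.
if (!is_string($admin_password)
	|| !hash_equals((string) BSDDS_ADMIN_PASSWORD_HASHED, $admin_password)) {
	http_response_code(403);
	die("Invalid password");
}

require_once(APPLICATION_ROOT . "/db.php");

$status = filter_input(INPUT_GET, 'status', FILTER_UNSAFE_RAW);
$id = filter_input(INPUT_GET, 'id', FILTER_UNSAFE_RAW);
$referer = filter_input(INPUT_SERVER, 'HTTP_REFERER', FILTER_SANITIZE_URL);

if ($status AND $id) {
	# transactionID is interpolated into the WHERE clause without quotes, where
	# string escaping gives no protection, so accept decimal digits only.
	# NOTE(review): assumes transactionID is a non-negative integer column - confirm.
	$id_is_valid = is_string($id) && preg_match('/^[0-9]+$/D', $id) === 1;

	# Restrict status to a conservative character set so it cannot close the
	# quoted SQL literal below.
	# NOTE(review): the full list of valid statuses is not visible from this
	# file; replace the pattern with an explicit allowlist if one exists.
	$status_is_valid = is_string($status)
		&& preg_match('/^[A-Za-z][A-Za-z0-9 _-]*$/D', $status) === 1;

	if (!$id_is_valid || !$status_is_valid) {
		http_response_code(400);
		die("Invalid request parameters");
	}

	$sql->update(BSDDS_PURCHASE_TABLE, "status=\"$status\"", "transactionID=$id");

	# Check whether to update the timestamp.
	if ($status == "Completed") {
		$sql->update(BSDDS_PURCHASE_TABLE, "time=NOW()", "transactionID=$id");
	}
}

# Follow the Referer only when it points back at this host; the header is
# client-supplied and would otherwise make this endpoint an open redirect.
# NOTE(review): "/" is a generic fallback - point it at the admin landing page.
$redirect_target = '/';
$http_host = filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_URL);
if (is_string($referer) && $referer !== '' && is_string($http_host) && $http_host !== '') {
	$referer_host = parse_url($referer, PHP_URL_HOST);
	# HTTP_HOST may carry a port; parse it so that only host names are compared.
	$own_host = parse_url('//' . $http_host, PHP_URL_HOST);
	if (is_string($referer_host) && is_string($own_host)
		&& strcasecmp($referer_host, $own_host) === 0) {
		$redirect_target = $referer;
	}
}

header("Location: " . $redirect_target);
exit;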